Security Model
Each wallet makes different trade-offs between convenience and trust. Core desktop verifies everything yourself; the web wallet trusts the hosting server’s integrity; the extension trusts the browser sandbox; mobile wallets trust the app store and OS keystore. Understand which trust assumptions apply to the wallet you use before holding meaningful value.
This page is not a guarantee that a wallet is safe for every use. It is a threat-model map so you can choose the right wallet and operating practice.
Wallet threat model
| Wallet | Main security strength | Main trust assumptions | Main failure modes |
|---|---|---|---|
| Desktop Core | Local full-node validation and local wallet file | Device integrity, release authenticity, backup discipline | Malware, lost passphrase, missing wallet backup, unsafe RPC exposure |
| Browser Extension | Convenient local browser wallet | Browser profile integrity, extension authenticity, user approval flow | Malicious extensions, phishing approvals, profile loss, weak password |
| Android | Mobile convenience with local device storage | App authenticity, OS/device integrity, remote chain data | Phone compromise, lost device, missing recovery phrase, malicious app source |
| Web Wallet | No install and fast access | Hosted app delivery, browser integrity, user recovery discipline | Phishing, malicious served code, weak password, missing export/recovery material |
| iOS | Planned | Planned | Not available yet |
What post-quantum keys do and do not solve
Tidecoin replaces ECDSA with post-quantum signature schemes, but wallet users can still lose funds through normal operational failures. Post-quantum signatures do not protect against malware, phishing, fake downloads, leaked recovery phrases, exposed private keys, or sending to the wrong address.
Recommended balance tiers
| Use | Wallet posture |
|---|---|
| Tiny test amount | Any official wallet, after backup. |
| Daily spending | Extension, Android, web, or Core depending on device risk. |
| Larger personal holdings | Core on a dedicated, updated device with offline backups. |
| Service or operator funds | Core, controlled deployment, restricted RPC, monitoring, and documented recovery procedure. |
Hardening checklist
- Verify wallet downloads when release verification data is available.
- Keep wallet software and the operating system updated.
- Use wallet encryption where available.
- Keep recovery material offline.
- Use separate wallets for daily spending and storage.
- Never expose wallet RPC to the public internet.
- Test recovery before relying on a backup.
- Use a small first transfer with any new wallet, venue, or counterparty.
Recovery assumptions
Core wallet backups preserve wallet-local PQHD secret material. Descriptor exports are useful metadata, but they are not full backups by themselves. Lighter wallets may use mnemonic phrases or key exports; follow the exact backup format that wallet provides.
See also: Start Here / Safety Checklist, Start Here / Back Up Your Wallet, Import & Export, Node Operations / RPC Security.